A high percentage of data stored in the UK by organisations is subject to privacy and data protection legislation. Research conducted by IDG Connect for SunGard Availability Services found that 70% of small to medium-sized businesses have more than 80% of their data in this category.

This has three major business implications:

1. Data compliance

Organisations that store large volumes of information must comply with both UK and European regulations. This means paying close attention not only to how – and where – that data is stored and protected, but also to how it is handled during migration to an external cloud-based service platform.

For example, all businesses located in the UK fall under the Data Protection Act 1998. This includes an obligation for the customer to retain close control over personal data, even when it is being processed by a third party on its behalf. The customer also retains legal responsibility for the data’s integrity.

2. EU legislation

Whilst EU law does not prohibit the transfer of personal data outside the European Economic Area (EEA) – which comprises all the countries in the EU, plus Iceland, Liechtenstein and Norway – it does insist on various safeguards before that processing can take place.

The only exception is when the destination country has been pre-approved by the European Commission as having adequate data protection, including measures for isolating and deleting data where appropriate.

3. Transparency required

So how can external cloud service providers allay valid concerns about data protection compliance? Before being trusted to handle company information they must:

For their part, client companies should work closely with the provider to establish the exact details of service policies, processes and controls governing the security of their personal data. They also need to confirm the provision of safeguards to ensure that information is stored in line with applicable laws.